Merge pull request #90 from efine/feature/peercert

Add support for getting peer cert when using TLS

src/h2_connection.erl

@@ -24,6 +24,7 @@
          send_promise/4,
          get_response/2,
          get_peer/1,
+         get_peercert/1,
          get_streams/1,
          send_window_update/2,
          send_frame/2
@@ -241,6 +242,11 @@ send_body(Pid, StreamId, Body, Opts) ->
 get_peer(Pid) ->
     gen_fsm:sync_send_all_state_event(Pid, get_peer).
 
+-spec get_peercert(pid()) ->
+    {ok, binary()} | {error, term()}.
+get_peercert(Pid) ->
+    gen_fsm:sync_send_all_state_event(Pid, get_peercert).
+
 -spec is_push(pid()) -> boolean().
 is_push(Pid) ->
     gen_fsm:sync_send_all_state_event(Pid, is_push).
@@ -1099,6 +1105,18 @@ handle_sync_event(get_peer, _F, StateName,
         {ok, _AddrPort}=OK ->
             {reply, OK, StateName, Conn}
     end;
+handle_sync_event(get_peercert, _F, StateName,
+                  #connection{
+                     socket={Transport,_}=Socket
+                    }=Conn) ->
+    case sock:peercert(Socket) of
+        {error, _}=Error ->
+            lager:warning("failed to fetch peer cert for ~p socket",
+                          [Transport]),
+            {reply, Error, StateName, Conn};
+        {ok, _Cert}=OK ->
+            {reply, OK, StateName, Conn}
+    end;
 handle_sync_event(_E, _F, StateName,
                   #connection{}=Conn) ->
     {next_state, StateName, Conn}.

src/sock.erl

@@ -14,6 +14,7 @@
          recv/3,
          close/1,
          peername/1,
+         peercert/1,
          setopts/2
         ]).
 
@@ -61,6 +62,11 @@ peername({ssl, Socket}) ->
 peername({gen_tcp, Socket}) ->
     inet:peername(Socket).
 
+peercert({ssl, Socket}) ->
+    ssl:peercert(Socket);
+peercert({gen_tcp, _Socket}) ->
+    {error, unsupported}.
+
 setopts({ssl, Socket}, Opts) ->
     ssl:setopts(Socket, Opts);
 setopts({gen_tcp, Socket}, Opts) ->